Merge pull request ivre#1673 from p-l-/more-nuclei

Active/Nuclei: support DNS "ptr-fingerprint" template
MikeoPerfect · Oct 21, 2024 · 079affd · 079affd
2 parents aa48cdf + 6725209
commit 079affd
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 8 deletions.
diff --git a/ivre/db/__init__.py b/ivre/db/__init__.py
@@ -57,6 +57,7 @@
 from ivre.active.cpe import add_cpe_values
 from ivre.active.data import (
     add_cert_hostnames,
+    add_hostname,
     create_ssl_cert,
     handle_http_content,
     handle_http_headers,
@@ -2986,6 +2987,37 @@ def store_scan_json_nuclei(
                     except ValueError:
                         utils.LOGGER.warning("Invalid URL [%r]", url)
                         continue
+                elif rec.get("type") == "dns":
+                    if rec.get("template-id") != "ptr-fingerprint":
+                        # only supported template for now
+                        continue
+                    if not (hostnames := rec.get("extracted-results")):
+                        continue
+                    addr = utils.ptr2addr(rec["host"])
+                    host = {
+                        "addr": addr,
+                        "schema_version": xmlnmap.SCHEMA_VERSION,
+                        "hostnames": [],
+                    }
+                    for hostname in hostnames:
+                        add_hostname(hostname, "PTR", host["hostnames"])
+                    # DNS reocrds are very specific, so we handle them
+                    # differently and continue to the next record
+                    if "timestamp" in rec:
+                        host["starttime"] = host["endtime"] = rec["timestamp"][
+                            :19
+                        ].replace("T", " ")
+                    if categories:
+                        host["categories"] = categories
+                    if tags:
+                        add_tags(host, tags)
+                    if source is not None:
+                        host["source"] = source
+                    host = self.json2dbrec(host)
+                    self.store_host(host)
+                    if callback is not None:
+                        callback(host)
+                    continue
                 else:
                     utils.LOGGER.warning(
                         "Data type %r from nuclei not (yet) supported",

diff --git a/tests/tests.py b/tests/tests.py
@@ -3739,7 +3739,6 @@ def test_10_data(self):
     registered_country_name United States
     coordinates (37.751, -97.822)
     coordinates_accuracy_radius 1000
-    CDN: google as listed by cdncheck (projectdiscovery)
 """.splitlines()
             ),
         )
@@ -3760,13 +3759,6 @@ def test_10_data(self):
                 "registered_country_name": "United States",
                 "coordinates": [37.751, -97.822],
                 "coordinates_accuracy_radius": 1000,
-                "tags": [
-                    {
-                        "value": "CDN",
-                        "type": "info",
-                        "info": ["google as listed by cdncheck (projectdiscovery)"],
-                    }
-                ],
             },
         )